Total
7102 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-6744 | 1 Flexerasoftware | 1 Installshield | 2012-01-20 | 2.1 LOW | N/A |
| Flexera Macrovision InstallShield before 2008 sends a digital-signature password to an unintended application during certain signature operations involving .spc and .pvk files, which might allow local users to obtain sensitive information via unspecified vectors, related to an incorrect interaction between InstallShield and Signcode.exe. | |||||
| CVE-2011-2769 | 1 Tor | 1 Tor | 2012-01-19 | 4.3 MEDIUM | N/A |
| Tor before 0.2.2.34, when configured as a bridge, accepts the CREATE and CREATE_FAST values in the Command field of a cell within an OR connection that it initiated, which allows remote relays to enumerate bridges by using these values. | |||||
| CVE-2011-3220 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-01-14 | 4.3 MEDIUM | N/A |
| QuickTime in Apple Mac OS X before 10.7.2 does not properly process URL data handlers in movie files, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file. | |||||
| CVE-2011-0231 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-01-14 | 5.0 MEDIUM | N/A |
| CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an intended cookie-storage policy, which makes it easier for remote web servers to track users via a cookie, related to a "synchronization issue." | |||||
| CVE-2011-4896 | 1 Tor | 1 Tor | 2011-12-30 | 4.3 MEDIUM | N/A |
| Tor before 0.2.2.24-alpha continues to use a reachable bridge that was previously configured but is not currently configured, which might allow remote attackers to obtain sensitive information about clients in opportunistic circumstances by monitoring network traffic to the bridge port. | |||||
| CVE-2011-4897 | 1 Tor | 1 Tor | 2011-12-30 | 4.3 MEDIUM | N/A |
| Tor before 0.2.2.25-alpha, when configured as a relay without the Nickname configuration option, uses the local hostname as the Nickname value, which allows remote attackers to obtain potentially sensitive information by reading this value. | |||||
| CVE-2011-4894 | 1 Tor | 1 Tor | 2011-12-23 | 4.3 MEDIUM | N/A |
| Tor before 0.2.2.34, when configured as a bridge, uses direct DirPort access instead of a Tor TLS connection for a directory fetch, which makes it easier for remote attackers to enumerate bridges by observing DirPort connections. | |||||
| CVE-2011-4895 | 1 Tor | 1 Tor | 2011-12-23 | 4.3 MEDIUM | N/A |
| Tor before 0.2.2.34, when configured as a bridge, sets up circuits through a process different from the process used by a client, which makes it easier for remote attackers to enumerate bridges by observing circuit building. | |||||
| CVE-2011-4850 | 2 Microsoft, Parallels | 3 Windows 2003 Server, Windows Server 2008, Parallels Plesk Panel | 2011-12-16 | 4.3 MEDIUM | N/A |
| The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by help.php and certain other files. | |||||
| CVE-2011-4497 | 1 Asus | 2 Rt-n56u, Rt-n56u Firmware | 2011-11-21 | 3.3 LOW | N/A |
| QIS_wizard.htm on the ASUS RT-N56U router with firmware before 1.0.1.4o allows remote attackers to obtain the administrator password via a flag=detect request. | |||||
| CVE-2011-4457 | 1 Owasp-java-html-sanitizer Project | 1 Owasp-java-html-sanitizer | 2011-11-18 | 2.6 LOW | N/A |
| OWASP HTML Sanitizer (aka owasp-java-html-sanitizer) before 88, when JavaScript is disabled, allows user-assisted remote attackers to obtain potentially sensitive information via a crafted FORM element within a NOSCRIPT element. | |||||
| CVE-2011-2774 | 1 Mahara | 1 Mahara | 2011-11-15 | 4.0 MEDIUM | N/A |
| The "Reply to message" feature in Mahara 1.3.x and 1.4.x before 1.4.1 allows remote authenticated users to read the messages of a different user via a modified replyto parameter. | |||||
| CVE-2011-0197 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-10-27 | 2.1 LOW | N/A |
| App Store in Apple Mac OS X before 10.6.8 creates a log entry containing a user's AppleID password, which might allow local users to obtain sensitive information by reading a log file, as demonstrated by a log file that has non-default permissions. | |||||
| CVE-2011-3720 | 1 Conceptcms | 1 Conceptcms | 2011-10-21 | 5.0 MEDIUM | N/A |
| conceptcms 5.3.1, 5.3.3, and possibly other versions allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by sys_libs/umlib/um_authserver.inc.php and certain other files. | |||||
| CVE-2011-3253 | 1 Apple | 1 Iphone Os | 2011-10-14 | 2.6 LOW | N/A |
| CalDAV in Apple iOS before 5 does not validate X.509 certificates for SSL sessions, which allows man-in-the-middle attackers to spoof calendar servers and obtain sensitive information via an arbitrary certificate. | |||||
| CVE-2006-2900 | 2 Canon, Microsoft | 2 Network Camera Server Vb101, Ie | 2011-10-11 | 4.0 MEDIUM | N/A |
| Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form. | |||||
| CVE-2011-2081 | 1 Inventivetec | 1 Mediacast | 2011-09-22 | 5.0 MEDIUM | N/A |
| MediaCAST 8 and earlier does not properly handle requests for inventivex/isptools/release/metadata/globalIncludeFolders.txt, which allows remote attackers to obtain sensitive information via unspecified vectors related to the Public/ directory tree. | |||||
| CVE-2011-2076 | 1 Inventivetec | 1 Mediacast | 2011-09-22 | 5.0 MEDIUM | N/A |
| MediaCAST 8 and earlier stores passwords in cleartext, which makes it easier for context-dependent attackers to obtain sensitive information by reading an unspecified password data store, a different vulnerability than CVE-2010-0216. | |||||
| CVE-2011-1498 | 1 Apache | 1 Httpclient | 2011-09-22 | 4.3 MEDIUM | N/A |
| Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header. | |||||
| CVE-2010-4781 | 1 Enanocms | 1 Enano Cms | 2011-09-22 | 5.0 MEDIUM | N/A |
| index.php in Enano CMS 1.1.7pl1, and possibly other versions before 1.1.8, 1.0.6pl3, and 1.1.7pl2, allows remote attackers to obtain sensitive information via a crafted title parameter, which reveals the installation path in an error message. | |||||